package com.movieproject.src;

import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mail.MailSender;
import org.springframework.mail.SimpleMailMessage;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

import com.movieproject.daos.UserDAO;
import com.movieproject.dataobjects.User;

@Controller
@Transactional
public class ResetPasswordController { 
    @Autowired
    MailSender mailSender;
    
    @Autowired
    UserDAO userDAO;
    
    @RequestMapping(value = "resetpassword", method = RequestMethod.GET)
    public String resetPassword() {

	return "resetpassword";
    }
    
    @RequestMapping(value = "resetpassword", method = RequestMethod.POST)
    public String sendResetEmail(@RequestParam (value = "emailField", required = true) String emailAddress) {
        User user = userDAO.getUser(emailAddress);
	if(user == null) {
	    return "redirect:/resetpassword?foundUser=false";
	}
	SimpleMailMessage message = new SimpleMailMessage();
        message.setTo(emailAddress);
        message.setSubject("Rentflix Password Reset");
        String resetCode = AppSecurity.generateResetCode();
        String resetLink = ServletUriComponentsBuilder.fromCurrentContextPath().path("/reset?resetCode=" + resetCode + "&emailField=" + emailAddress).build().toUriString();
        String emailText = "If you have requested a password reset, follow this link to complete it: " + resetLink;
        message.setText(emailText);
        mailSender.send(message);
        String resetHash = "";
	try {
	    resetHash = AppSecurity.createHash(resetCode);
	} catch (NoSuchAlgorithmException e) {
	    e.printStackTrace();
	} catch (InvalidKeySpecException e) {
	    e.printStackTrace();
	}
        user.setResetHash(resetHash);
        userDAO.updateUser(user);
        return "redirect:/resetpassword?emailSent=true";
    }
    
    @RequestMapping(value = "reset", method = RequestMethod.GET)
    public ModelAndView newPassword(
	    @RequestParam (value = "resetCode", required = true) String resetCode, 
	    @RequestParam (value = "emailField", required = true) String emailField) {
	ModelAndView m = new ModelAndView();
	m.getModelMap().addAttribute("resetCode", resetCode);
	m.getModelMap().addAttribute("emailField", emailField);
	return m;
    }
    
    @RequestMapping(value = "reset", method = RequestMethod.POST)
    public String password(
	    @RequestParam (value = "password", required = true) String password, 
	    @RequestParam (value = "resetCode", required = true) String resetCode,
	    @RequestParam (value = "emailField", required = true) String emailAddress) {
	User user = userDAO.getUser(emailAddress);
	String resetHash = user.getResetHash();
	try {
	    if(AppSecurity.validateHash(resetCode, resetHash)) {
	        String passwordHash = AppSecurity.createHash(password);
	        user.setPassword(passwordHash);
	        user.setResetHash(null);
	        userDAO.updateUser(user);
	        return "redirect:/resetmessage/?resetSuccess=true";
	    }
	    else {
		return "redirect:/resetmessage/?resetSuccess=false";
	    }
	} catch (NoSuchAlgorithmException e) {
	    e.printStackTrace();
	} catch (InvalidKeySpecException e) {
	    e.printStackTrace();
	}
	return "Login";
    }
    
    @RequestMapping(value = "resetmessage", method = RequestMethod.GET)
    public String resetMessage() {return "resetmessage";}
}
